Multiple vulnerabilites in synedra Control allowed all authenticated users to retrieve the entire user directory
Swiss Health Sector
NTCF:
NTCF-2024-88547
Product:
synedra Control
Vendor:
synedra IT GmbH
Criticality:
medium
Status:
fixed
Discovered:
2024-12-23
Detail:
Public
Vulnerable version:
<25.0 Rhea
Fixed version:
25.0 Rhea
Description
In accordance with NTC Vulnerability Disclosure Policy, no technical details about this vulnerability will be publicly disclosed. Further details may be provided on a case by case basis.
Please use the contact form and provide an explanation for your request.
Affected customers can also request these details directly from synedra.
Timeline
2024-12-23: initial discovery
2025-01-15: first contact to vendor
2025-01-15: private disclosure to vendor
2025-03-31: fix by vendor
2025-05-21: public disclosure